Web Security Dev Academy - 12-week online program

16h 37m 20s
English
Paid

Course description

Master the full scope of web security and learn to develop secure full-stack applications with reliable authorization, protection against vulnerabilities, and modern protocols such as OAuth and OIDC.


What you will receive:

  • A complete understanding of web application security models - from theory to practice
  • Knowledge of typical vulnerabilities and methods to prevent them at the level of industry standards
  • Skills in designing and implementing a secure role-based access model in a real full-stack application
  • Understanding and ability to securely implement OAuth/OIDC flows for different scenarios

Who the course is suitable for:

  • Full-stack developers looking to enhance their security skills
  • Frontend developers concerned with client-side application security
  • Backend developers striving for secure server logic architecture
  • Application security engineers wanting a deeper understanding of practical implementation
  • System administrators interested in security from a code perspective

Who the course is not suitable for:

  • Those unfamiliar with JavaScript and HTML
  • Beginners with no experience in web development
  • Those looking for foundational IT or network security knowledge
  • Developers focused on design and UX

You will learn to:

  • Develop secure web applications without blindly relying on frameworks
  • See security as a comprehensive task, covering both frontend and backend
  • Integrate security into the daily development process
  • Apply practices that truly work in real-world conditions

Practical project:

You will secure a full-fledged personal expense tracking application consisting of these modules: authorization, dashboard, expenses, settings, and admin panel. The key focus is on implementing a role-based access control (RBAC) model and incorporating modern security mechanisms on both the client and server sides.

Main stack: Angular and Node.js with TypeScript. However, the first 5 modules of the course are technology-neutral, allowing you to adapt the knowledge to any stack.

All Course Lessons (129)

| # | Lesson Title | Duration | Access |
|---|---|---|---|
| 1 | Welcome lesson | 01:34 | Demo |
| 2 | Program structure and topics | 03:06 | |
| 3 | Training outcomes | 02:11 | |
| 4 | What you need | 02:03 | |
| 5 | Your first task | 01:13 | |
| 6 | Welcome lesson | 00:39 | |
| 7 | Same-origin policy | 06:29 | |
| 8 | Cross-origin resource sharing | 02:37 | |
| 9 | Same-origin policy [LABS] | 07:34 | |
| 10 | Cross-origin resource sharing [LABS] | 03:11 | |
| 11 | Content Security Policy | 07:11 | |
| 12 | Content Security Policy [LABS] | 22:54 | |
| 13 | Content Security Policy - Reporting [LABS] | 02:45 | |
| 14 | Subresource Integrity [LABS] | 03:16 | |
| 15 | Homework | 00:59 | |
| 16 | Welcome lesson | 00:33 | |
| 17 | Client-side security boundaries | 09:23 | |
| 18 | Server-side security | 09:13 | |
| 19 | HTTPS | 06:02 | |
| 20 | Sessions vs. Tokens | 17:21 | |
| 21 | When to use Sessions vs. JWT Tokens | 05:52 | |
| 22 | Homework | 02:08 | |
| 23 | Welcome lesson | 01:01 | |
| 24 | OWASP Top 10 | 20:22 | |
| 25 | Cross-site scripting | 11:17 | |
| 26 | Cross-site scripting [LABS] | 15:49 | |
| 27 | Cross-site request forgery | 10:15 | |
| 28 | Cross-site request forgery [LABS] | 18:44 | |
| 29 | JWT Hacking | 14:33 | |
| 30 | Other security vulnerabilities | 01:51 | |
| 31 | Welcome lesson | 00:19 | |
| 32 | Application overview | 10:59 | |
| 33 | Application presentation | 03:04 | |
| 34 | Application architecture | 10:09 | |
| 35 | Authentication vs. authorization | 07:23 | |
| 36 | Secured Angular part | 07:55 | |
| 37 | Secured API | 10:19 | |
| 38 | Node.js application setup | 03:37 | |
| 39 | Homework | 01:48 | |
| 40 | Welcome lesson | 01:00 | |
| 41 | Features overview | 13:54 | |
| 42 | Login feature [Angular] | 14:00 | |
| 43 | Login feature [Node] | 19:47 | |
| 44 | Sign up feature [Angular] | 05:23 | |
| 45 | Sign up feature [Node] | 15:01 | |
| 46 | Router Guards | 05:42 | |
| 47 | Http Interceptors | 08:09 | |
| 48 | Homework | 01:16 | |
| 49 | Welcome lesson | 00:33 | |
| 50 | XSS prevention | 11:01 | |
| 51 | CSRF prevention | 12:39 | |
| 52 | HttpOnly and Secure Cookies | 02:06 | |
| 53 | UserAuth object | 06:27 | |
| 54 | Conditional components visibility | 08:55 | |
| 55 | Homework | 01:00 | |
| 56 | Welcome lesson | 00:59 | |
| 57 | UserAuth object | 04:45 | |
| 58 | Server-side session | 03:11 | |
| 59 | Logging access and application events | 23:25 | |
| 60 | Throttling failed logins | 13:29 | |
| 61 | Input sanitization and validation | 12:25 | |
| 62 | Preventing calls without the proper role | 07:08 | |
| 63 | Preventing calls without the ownership | 03:23 | |
| 64 | Setting up CORS | 02:42 | |
| 65 | Homework | 01:35 | |
| 66 | Welcome lesson | 01:06 | |
| 67 | Adding a new user to account [Angular] | 16:13 | |
| 68 | Adding a new user to account [Node] | 13:06 | |
| 69 | Confirming a new user for account [Angular] | 05:00 | |
| 70 | Confirming a new user for account [Node] | 01:41 | |
| 71 | Password recovery | 11:49 | |
| 72 | Managing active sessions | 13:40 | |
| 73 | Welcome lesson | 02:06 | |
| 74 | Introduction to OAuth 2.0 | 09:59 | |
| 75 | Different client types and suitable OAuth flows | 18:51 | |
| 76 | Security measures in OAuth | 09:43 | |
| 77 | PKCE | 08:52 | |
| 78 | OpenID Connect | 11:48 | |
| 79 | Id Token with Implicit flow | 03:40 | |
| 80 | Id Token with Implicit flow [CODE] | 09:54 | |
| 81 | Authorization Code flow [CODE] | 25:33 | |
| 82 | OAuth/OIDC Homework | 03:38 | |
| 83 | Multi-factor authentication introduction | 12:07 | |
| 84 | Two-factor authentication demo | 02:51 | |
| 85 | Requesting OTP [Angular] | 09:46 | |
| 86 | Validating OTP [Node] | 08:36 | |
| 87 | 2FA settings [Angular] | 05:19 | |
| 88 | 2FA settings [Node] | 04:14 | |
| 89 | External user management introduction | 18:23 | |
| 90 | Budget and Auth0 integration presentation | 01:59 | |
| 91 | Auth0 integration [Angular] | 03:08 | |
| 92 | Auth0 integration [Node] | 13:59 | |
| 93 | Homework | 00:54 | |
| 94 | Intro | 01:19 | |
| 95 | Getting started | 05:10 | |
| 96 | Basic match | 03:20 | |
| 97 | Basic allow | 02:17 | |
| 98 | Basic conditions | 03:33 | |
| 99 | Common examples | 05:31 | |
| 100 | Functions | 04:30 | |
| 101 | Read other documents | 03:58 | |
| 102 | Chat example | 04:49 | |
| 103 | Role-based auth example | 05:44 | |
| 104 | Security testing introduction | 02:49 | |
| 105 | Setting up mock Firestore | 04:01 | |
| 106 | Unit testing with mock data | 03:59 | |
| 107 | Debugging security rules | 02:05 | |
| 108 | Welcome lesson | 03:05 | |
| 109 | Personal data introduction | 21:21 | |
| 110 | Privacy Policy | 21:38 | |
| 111 | Terms and Conditions | 02:52 | |
| 112 | GDPR and regulations in the World | 13:55 | |
| 113 | Cookies | 15:10 | |
| 114 | Summary | 05:43 | |
| 115 | Introduction | 02:53 | |
| 116 | Same-origin Policy | 02:02 | |
| 117 | User authentication | 03:35 | |
| 118 | Origin spoofing | 01:40 | |
| 119 | Input validation | 03:22 | |
| 120 | TCP tunneling | 04:19 | |
| 121 | Denial of Service (DoS) | 02:10 | |
| 122 | WSS Encryption | 00:59 | |
| 123 | Simple WebSocket demo [LABS] | 05:03 | |
| 124 | Content Security Policy [LABS] | 02:25 | |
| 125 | Authentication [LABS] | 08:55 | |
| 126 | Cross-site WebSocket hijacking [LABS] | 02:23 | |
| 127 | Goodbye and kind request | 01:41 | |
| 128 | LIVE: Module 3 @ 20/06/2024 | 36:24 | |
| 129 | Secure Serverless Development @ Marek Sottl | 01:07:11 | |
